Slashdot Mirror


cPanel Exploit Used to Circulate IE Exploit

miller60 writes "In a dangerous combination of unpatched exploits, hackers have used a previously undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit. cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix. It's a local exploit, meaning the attacker must control a cPanel account on the target hosting provider."

5 of 95 comments

  1. Re:As always.. by Anonymous Coward · · Score: 5, Informative

    In hostgator's defense, they do have a good security team and this had nothing to do with ftp. It's interesting to read through the following thread to see how they were handling the problem:
    http://forums.hostgator.com/showthread.php?t=10928

    I'm a customer whose site didn't have problems, but I am satisfied with how they got on this problem. Not perfect, but definitely good. Of course when I read this headline I was shitting bricks for a moment or two.

  2. Hostgator support forum discussion on the virus by Anonymous Coward · · Score: 5, Informative

    Discussion on the hosting company's (HostGator) support forum: http://forums.hostgator.com/showthread.php?t=10928

  3. Re:firefox by Marcion · · Score: 5, Interesting

    I use webmin/usermin (BSD licence) instead of cPanel (proprietary).

    It seems a bit odd to stick a proprietary web control panel to control a load of open-source software on an open-source web-server running on an open-source operating system.

    But that's just me....

  4. Re:Temporary Fix by walstib · · Score: 5, Funny

    This Windows exploit is similar to the WMF exploit
    which is similar to the WTF exploit...
    --
    The most dangerous strategy is to jump a chasm in two leaps. - Benjamin Disraeli

  5. Re:Bluehost issued a fix. by KmArT · · Score: 5, Informative

    Er, so you run a hosting company and cPanel is confirmed buggy, by you, and yet you continue to run it? And why should I ever consider hosting with you? Rather than moan and complain about the bugs, find another software package that is more secure. Or write your own... Tolerance of poor software is why it still exists..